CVE-2026-33936: python-ecdsa: Denial of Service via improper DER length validation in crafted private keys

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploit Status

Not Exploited

Patch Tuesday

2026-Mar

Released

2026-03-29

Last Updated

2026-04-08

EPSS Score

0.05% (percentile: 16.7%)

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (2)

Other

• 19941-17084
• 19938-17086

Acknowledgments

<a href="https://www.0xmrma.com/">Mohamed Abdelaal (0xmrma)</a>

Revision History

• 2026-03-29: Information published.
• 2026-03-30: Information published.
• 2026-03-31: Information published.
• 2026-04-02: Information published.
• 2026-04-08: Information published.